Did you know Hackers Bypass 2FA Using Stolen Session Cookies, SpyCloud Reports 17.3 Billion Stolen in 2024
Many people assume that two-factor authentication (2FA) is a strong
security measure, but hackers are starting to bypass it as well. If you
are not using passkeys, your passwords remain prime targets for many
hackers. Most of the time, large numbers of stolen credentials are
already available to hackers on the black market, which makes their
attacks easier. 50% of users also reuse their passwords, which puts
their multiple accounts at risk. With 2FA enabled, hackers should not be
able to get into your accounts, but they are still finding ways to make
it possible.
Hackers are using session cookies to get around your 2FA. These cookies
carry your login state and a flag that confirms that 2FA was completed.
Threat actors are using attacker-in-the-middle (AiTM) techniques to
intercept and steal session cookies after a user logs in with their
password and 2FA. Because the cookie shows that the session is already
authorized, attackers can reuse it without needing your two-factor
authentication code.
According to SpyCloud’s 2025 Identity Exposure Report, 17.3 billion session cookies were stolen in 2024 from malware-infected devices, and those cookies also contained the URLs that enabled session hijacking. This shows that session cookies have become a powerful tool for hackers, one that can let them bypass 2FA and hijack accounts. To protect yourself from 2FA bypass attacks, make sure to use passkeys and follow phishing prevention practices.
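The attack described above works because a server treats the cookie alone as proof that 2FA happened. The following is an added example, not code from the article or from SpyCloud, of the server-side controls a service can apply to limit what a replayed cookie is worth: the cookie is an opaque random token whose hash (not the token) is stored, the session is bound to the client context seen at login (User-Agent and IP prefix), sessions expire on idle and absolute timers, and sensitive actions require a recent 2FA completion rather than trusting the login-time flag. All names (`SessionStore`, `validate`, `recent_mfa`) and the sample IPs and user agents are assumptions constructed for the example.

```python
"""Hypothetical server-side session handling that limits the value of a stolen
session cookie.  Example code written for this article, not a real library."""
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    mfa_at: float        # time the user last completed 2FA
    created: float
    last_seen: float
    ua_hash: str         # hash of the User-Agent seen at login
    ip_prefix: str       # /24 (IPv4) or /64 (IPv6) network seen at login
    revoked: bool = False


def _ua_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode()).hexdigest()


def _ip_prefix(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))


class SessionStore:
    def __init__(self, idle_ttl: int = 900, absolute_ttl: int = 8 * 3600):
        self.idle_ttl = idle_ttl
        self.absolute_ttl = absolute_ttl
        # Keyed by sha256(token): a leaked session table does not yield usable cookies.
        self._sessions: dict[str, Session] = {}

    def issue(self, user: str, user_agent: str, ip: str, now: float) -> str:
        """Call only after password *and* 2FA succeeded.  Returns the cookie value."""
        token = secrets.token_urlsafe(32)
        self._sessions[hashlib.sha256(token.encode()).hexdigest()] = Session(
            user=user, mfa_at=now, created=now, last_seen=now,
            ua_hash=_ua_hash(user_agent), ip_prefix=_ip_prefix(ip))
        return token

    def set_cookie_header(self, token: str) -> str:
        # Secure, HttpOnly and SameSite keep the cookie off cleartext links and
        # away from page scripts; they do not stop an infostealer on the device,
        # which is why the binding checks in validate() matter.
        return (f"session={token}; Path=/; Max-Age={self.absolute_ttl}; "
                "Secure; HttpOnly; SameSite=Lax")

    def validate(self, token: str, user_agent: str, ip: str, now: float) -> str:
        """Returns 'ok', 'expired', 'reauth' (client context changed; session
        revoked) or 'invalid' (unknown or already revoked token)."""
        s = self._sessions.get(hashlib.sha256(token.encode()).hexdigest())
        if s is None or s.revoked:
            return "invalid"
        if now - s.created > self.absolute_ttl or now - s.last_seen > self.idle_ttl:
            s.revoked = True
            return "expired"
        if s.ua_hash != _ua_hash(user_agent) or s.ip_prefix != _ip_prefix(ip):
            # The cookie is being presented from a client that does not match
            # the one that completed 2FA: kill the session and force a fresh login.
            s.revoked = True
            return "reauth"
        s.last_seen = now
        return "ok"

    def recent_mfa(self, token: str, now: float, max_age: int = 300) -> bool:
        """Step-up check for sensitive actions (password change, payout, ...):
        the login-time 2FA flag is not enough, it must have happened recently."""
        s = self._sessions.get(hashlib.sha256(token.encode()).hexdigest())
        return s is not None and not s.revoked and now - s.mfa_at <= max_age


if __name__ == "__main__":
    store = SessionStore()
    t0 = 1_700_000_000.0
    tok = store.issue("alice", "Mozilla/5.0 (X11)", "203.0.113.10", now=t0)
    print(store.set_cookie_header(tok))
    print(store.validate(tok, "Mozilla/5.0 (X11)", "203.0.113.25", now=t0 + 60))   # ok
    print(store.validate(tok, "curl/8.0", "198.51.100.7", now=t0 + 120))           # reauth
    print(store.validate(tok, "Mozilla/5.0 (X11)", "203.0.113.10", now=t0 + 180)) # invalid
```

The context binding is a heuristic: a phone moving between networks will trip the IP check and be asked to log in again, so a real deployment tunes the prefix width and may log a mismatch for review rather than revoking outright. It also does nothing against a cookie replayed through a proxy that mimics the victim's client; that residual risk is why the article's advice to move to passkeys, which have no reusable secret for a phishing page to capture, is the stronger control.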
